General
-
Target
Server.exe
-
Size
175KB
-
Sample
250214-y91taaylaz
-
MD5
8d934cc01dcc17160d25acd2282210a9
-
SHA1
f97a7b02edab514526495af6f8246abf68a4dd62
-
SHA256
db62f46202f39d7ef4599dadf8cf8255bd164bbbe69176208586e94899e71fd8
-
SHA512
c234579629623344e3b47c9804b73759d9de3691c0049b9da7da2fc3d0728e8d8f6a06ea4d5cc3afe44a1230d29f4a948a77787707a25e825bddfacb330cb4e4
-
SSDEEP
3072:me8p6ewdOIwQx76vK/bvTv0cU+lL/dMlZZUZ0b2gTEwARE+WpCc:+6ewwIwQJ6vKX0c5MlYZ0b2N
Malware Config
Extracted
asyncrat
Default
127.0.0.1:6606
127.0.0.1:7707
127.0.0.1:8808
AsyncMutex_6SI8OkPnk
-
delay
3
-
install
false
-
install_folder
%AppData%
Targets
-
-
Target
Server.exe
-
Size
175KB
-
MD5
8d934cc01dcc17160d25acd2282210a9
-
SHA1
f97a7b02edab514526495af6f8246abf68a4dd62
-
SHA256
db62f46202f39d7ef4599dadf8cf8255bd164bbbe69176208586e94899e71fd8
-
SHA512
c234579629623344e3b47c9804b73759d9de3691c0049b9da7da2fc3d0728e8d8f6a06ea4d5cc3afe44a1230d29f4a948a77787707a25e825bddfacb330cb4e4
-
SSDEEP
3072:me8p6ewdOIwQx76vK/bvTv0cU+lL/dMlZZUZ0b2gTEwARE+WpCc:+6ewwIwQJ6vKX0c5MlYZ0b2N
Score10/10-
AsyncRat
AsyncRAT is designed to remotely monitor and control other computers written in C#.
-
Asyncrat family
-
StormKitty
StormKitty is an open source info stealer written in C#.
-
StormKitty payload
-
Stormkitty family
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Drops desktop.ini file(s)
-
Legitimate hosting services abused for malware hosting/C2
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Looks up geolocation information via web service
Uses a legitimate geolocation service to find the infected system's geolocation info.
-
MITRE ATT&CK Enterprise v15
Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
1Credentials In Files
1